1 files changed, 7 insertions, 33 deletions

diff --git a/Omni/Cloud/Comms/Xmpp.nix b/Omni/Cloud/Comms/Xmpp.nix
index 5a8264b..ea50ed9 100644
--- a/Omni/Cloud/Comms/Xmpp.nix
+++ b/Omni/Cloud/Comms/Xmpp.nix
@@ -29,8 +29,8 @@ in {
     package =
       pkgs.prosody.override {withCommunityModules = ["conversejs"];};
 
-    # when i learn how to use security.acme better, and use separate certs, then i
-    # can fix this group
+    # this is necessary bc prosody needs access to the acme certs managed in Omni/Cloud/Web.nix, when
+    # i learn how to use security.acme better, and use separate certs, then i can fix this group
     group = "nginx";
     admins = ["bsima@${rootDomain}"];
     allowRegistration = true;
@@ -51,7 +51,7 @@ in {
       dialback = true;
       disco = true;
       groups = true;
-      http_files = false; # hm, look into this
+      http_files = false; # https://prosody.im/doc/modules/mod_http_files
       motd = true;
       pep = true;
       ping = true;
@@ -108,17 +108,6 @@ in {
         roomDefaultModerated = true;
         roomDefaultPublic = false;
       }
-      {
-        domain = "chat.${rootDomain}";
-        maxHistoryMessages = 10000;
-        name = "Chat Rooms";
-        restrictRoomCreation = false;
-        roomDefaultHistoryLength = 200;
-        roomDefaultMembersOnly = false;
-        roomDefaultModerated = false;
-        roomDefaultPublic = true;
-        roomDefaultPublicJids = true;
-      }
     ];
 
     virtualHosts = {
@@ -192,23 +181,8 @@ in {
 
   users.users.nginx.extraGroups = ["prosody"];
 
-  security.acme.certs.${rootDomain}.extraDomainNames = [
-    # these stopped working idk why
-    #"upload.${rootDomain}"
-    #"conference.${rootDomain}"
-    "anon.${rootDomain}"
-    "chat.${rootDomain}"
-  ];
-
-  #security.acme.certs.prosody = {
-  #  domain = "${domain}";
-  #  group = "prosody";
-  #  dnsProvider = "rfc2136";
-  #  #credentialsFile = config.secrets.files.dns_creds.path;
-  #  postRun = "systemctl restart prosody";
-  #  extraDomainNames = [
-  #    domain
-  #    "upload.${domain}"
-  #  ];
-  #};
+  # restart prosody when we renew the main cert
+  # https://github.com/NixOS/nixpkgs/issues/133904
+  systemd.services.prosody.requires = ["acme-finished-${rootDomain}.target"];
+  systemd.services.prosody.after = ["acme-finished-${rootDomain}.target"];
 }